From 0c206ceb99e331d1cc9c8726c04c0004611688bc Mon Sep 17 00:00:00 2001
From: Rohith Jayawardene <gambol99@gmail.com>
Date: Wed, 11 Oct 2017 22:20:37 +0000
Subject: [PATCH] Method Exclusion (#282)

I introduced a bug when moving to the chi router; the method selection was no longer working and the auth middleware was being hit on methods not destined for auth.

- removed the MethodNotAllowed, the source of the issue
---
 middleware_test.go | 24 ++++++++++++++++++++++++
 server.go          | 14 ++++++--------
 2 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/middleware_test.go b/middleware_test.go
index 13f9f3c..fb151be 100644
--- a/middleware_test.go
+++ b/middleware_test.go
@@ -326,6 +326,30 @@ func TestOauthRequests(t *testing.T) {
 	newFakeProxy(cfg).RunTests(t, requests)
 }
 
+func TestMethodExclusions(t *testing.T) {
+	cfg := newFakeKeycloakConfig()
+	cfg.Resources = []*Resource{
+		{
+			URL:     "/post",
+			Methods: []string{http.MethodPost, http.MethodPut},
+		},
+	}
+	requests := []fakeRequest{
+		{ // we should get a 401
+			URI:          "/post",
+			Method:       http.MethodPost,
+			ExpectedCode: http.StatusUnauthorized,
+		},
+		{ // we should be permitted
+			URI:           "/post",
+			Method:        http.MethodGet,
+			ExpectedProxy: true,
+			ExpectedCode:  http.StatusOK,
+		},
+	}
+	newFakeProxy(cfg).RunTests(t, requests)
+}
+
 func TestStrangeRoutingError(t *testing.T) {
 	cfg := newFakeKeycloakConfig()
 	cfg.Resources = []*Resource{
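Review bot: TestMethodExclusions lists `http.MethodPut` in Methods but never sends a PUT, so only one of the two protected methods is checked for the 401. A third fakeRequest with `Method: http.MethodPut, ExpectedCode: http.StatusUnauthorized` would pin both. The GET case asserts that a method left out of Methods is proxied without authentication, which is a fail-open contract. It is worth stating above the test, for example `// methods not listed on a resource bypass authentication and are proxied as-is`.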
diff --git a/server.go b/server.go
index 339695f..c9efd15 100644
--- a/server.go
+++ b/server.go
@@ -226,18 +226,16 @@ func (r *oauthProxy) createReverseProxy() error {
 			r.authenticationMiddleware(x),
 			r.admissionMiddleware(x),
 			r.headersMiddleware(r.config.AddClaims))
-		e.MethodNotAllowed(emptyHandler)
-		switch x.WhiteListed {
-		case false:
-			for _, m := range x.Methods {
+
+		for _, m := range x.Methods {
+			if !x.WhiteListed {
 				e.MethodFunc(m, x.URL, emptyHandler)
+				continue
 			}
-		default:
-			for _, m := range x.Methods {
-				engine.MethodFunc(m, x.URL, emptyHandler)
-			}
+			engine.MethodFunc(m, x.URL, emptyHandler)
 		}
 	}
+
 	for name, value := range r.config.MatchClaims {
 		r.log.Info("token must contain", zap.String("claim", name), zap.String("value", value))
 	}
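Review bot: In the new `for _, m := range x.Methods` loop, a resource whose Methods slice is empty registers no route at all. Unless Methods is defaulted somewhere outside this hunk, requests to x.URL would then never reach authenticationMiddleware or admissionMiddleware. With `e.MethodNotAllowed(emptyHandler)` removed there is no longer a catch-all on the group, so it would be safer for createReverseProxy to return an error when `len(x.Methods) == 0` than to leave the resource silently unprotected. A comment above the loop would also help, for example `// only the listed methods go through the auth group; other methods on x.URL are not authenticated`. createReverseProxy starts and ends outside this hunk, so the defaulting may already exist elsewhere.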
-- 
GitLab